Flaw Discovered in Latest PC-Infecting Ransomware

It has been discovered that CryptoDefense, the latest ransomware targeting PC systems in the UK, has a rather large flaw in its makeup – poor coding.

Since the strain of malware was first detected back in February, more than 11,000 infections have been recorded, with security experts estimating that the creators are making up to $38,000 a month in Bitcoin. However, while victims are asked to pay up before being given a key to decrypt their data, it seems that the coders made the basic mistake of leaving the decryption key stored unencrypted on the hard disk of infected PCs.

Symantec, which was first to uncover the coding error, explained:

As advertised by the malware authors in the ransom demand, the files were encrypted with an RSA-2048 key generated on the victim’s computer. This was done using Microsoft’s own cryptographic infrastructure and Windows APIs to perform the key generation before sending it back in plain text to the attacker’s server. However, using this method means that the decryption key the attackers are holding for ransom actually still remains on the infected computer after transmission to the attacker's server.

Before handing over any money, victims are being urged to check in the Application Data > Application Data > Microsoft > Crypto > RSA folder of their PCs for the private key, noted The Register.

A Worrying Trend

While the discovery of the flaw is great news for anyone currently infected by CryptoDefense, it has come too late for those who have already handed over money to the cybercriminals. The poor coding has also slightly overshadowed a worrying trend that has spiralled off the back of the highly successful and lucrative CryptoLocker – malware that has pulled in millions across the world and continues to cause problems for PC owners.

Ransomware is the malware of choice at the moment for cybercriminals and spam programmes are receiving massive investment. CryptoDefense may have failed, but it has not done so without duping thousands of people and earning hundreds of thousands of pounds in the process. The ransomware that follows this is unlikely to be so lax in its coding.

In order to safeguard against this growing threat, we recommend that you counter ransomware by installing Cloud Web Security and using Cloud Online Backup to back up and protect your files and folders. ITWiser’s security software is designed to eliminate malicious content at cloud level and will ensure your money does not end up in the hands of cybercriminals.
